Handles PII
Posture
critical: 2
high: 4
medium: 4
low: 6
Ownership
Findings (19)
| Severity | Finding | Scanner | Type | Status | Score |
|---|---|---|---|---|---|
| info | Hardcoded AWS access key in source | SonarQube | SAST | open | 5.7 |
| low | Missing rate limiting on /login | OWASP ZAP | DAST | open | 7.6 |
| medium | Open Redis without auth | Checkmarx | SAST | open | 5.2 |
| medium | SQL Injection in user-input handler | Checkmarx | SAST | open | 5.6 |
| medium | S3 bucket publicly readable | Grype | Container | open | 8 |
| critical | S3 bucket publicly readable | OWASP ZAP | DAST | false positive | 6.9 |
| info | Dependency confusion risk on internal package | Wiz | CSPM | open | 5.4 |
| low | Unencrypted RDS snapshot | OWASP ZAP | DAST | triaged | 4 |
| medium | Insecure deserialization in message queue consumer | Dependabot | SCA | open | 6.9 |
| low | SQL Injection in user-input handler | Dependabot | SCA | open | 7.5 |
| high | Cross-site Scripting in profile renderer | Snyk | SCA | triaged | 5.7 |
| low | Missing CSP header on auth pages | Snyk | SCA | triaged | 9.3 |
| high | S3 bucket publicly readable | Snyk | SCA | accepted | 5.2 |
| critical | Excessive Kubernetes RBAC privileges | TruffleHog | Secrets | open | 4.1 |
| low | Terraform module pins old AMI with CVEs | Scout Suite | CSPM | triaged | 5.2 |